Results 1 - 9 of 9
Number-theoretic constructions of efficient pseudo-random functions
- In 38th Annual Symposium on Foundations of Computer Science, 1997
Discrete Logarithms: the Effectiveness of the Index Calculus Method
- 1996
Abstract - Cited by 21 (1 self)
In this article we survey recent developments concerning the discrete logarithm problem. Both theoretical and practical results are discussed. We emphasize the case of finite fields, and in particular, recent modifications of the index calculus method, including the number field sieve and the function field sieve. We also provide a sketch of some of the cryptographic schemes whose security depends on the intractability of the discrete logarithm problem. 1 Introduction Let G be a cyclic group generated by an element t. The discrete logarithm problem in G is to compute for any b ∈ G the least non-negative integer e such that t^e = b. In this case, we write log_t b = e. Our purpose, in this paper, is to survey recent work on the discrete logarithm problem. Our approach is twofold. On the one hand, we consider the problem from a purely theoretical perspective. Indeed, the algorithms that have been developed to solve it not only explore the fundamental nature of one of the basic s...
The index calculus method using non-smooth polynomials
- Mathematics of Computation, 2001
Abstract - Cited by 6 (2 self)
Abstract. We study a generalized version of the index calculus method for the discrete logarithm problem in F_q, when q = p^n, p is a small prime and n → ∞. The database consists of the logarithms of all irreducible polynomials of degree between given bounds; the original version of the algorithm uses lower bound equal to one. We show theoretically that the algorithm has the same asymptotic running time as the original version. The analysis shows that the best upper limit for the interval coincides with the one for the original version. The lower limit for the interval remains a free variable of the process. We provide experimental results that indicate practical values for that bound. We also give heuristic arguments for the running time of the Waterloo variant and of the Coppersmith method with our generalized database. 1.
Pseudorandomness
- 1999
Abstract - Cited by 2 (0 self)
We postulate that a distribution is pseudorandom if it cannot be told apart from the uniform distribution by an efficient procedure. This yields a robust definition of pseudorandom generators as efficient deterministic programs stretching short random seeds into longer pseudorandom sequences. Thus, pseudorandom generators can be used to reduce the randomness-complexity in any efficient procedure. We show that pseudorandom generators and computational difficulty are closely related: loosely speaking, each can be efficiently transformed into the other.
A General Polynomial Sieve
- Designs, Codes and Cryptography, 1999
Abstract - Cited by 1 (0 self)
An important component of the index calculus methods for finding discrete logarithms is the acquisition of smooth polynomial relations. Gordon and McCurley (1992) developed a sieve to aid in finding smooth Coppersmith polynomials for use in the index calculus method. We discuss their approach and some of the difficulties they found with their sieve. We present a new sieving method that can be applied to any affine subspace of polynomials over a finite field.
Mathematical Models in Public-Key Cryptology
- 1999
Abstract
kept secret. Anyone wishing to send a message to a person in the directory can simply look up the public encryption key for that person and use it to encrypt the message. Then, assuming the decryption key is known only to the intended receiver of the message, only that person can decrypt the message. Of course in such a public-key system it must be computationally infeasible to deduce the decryption key (or the decryption algorithm) from the public key (or the public encryption algorithm), even when general information about the system and how it operates is known. This leads to the idea of one-way functions. A function f is called a one-way function if for any x in the necessarily large domain of f, f(x) can be efficiently computed but for virtually all y in the range of f, it is computationally infeasible to find any x such that f(x) = y. Pu
Discrete logarithms: The past and the future
- Designs, Codes, and Cryptography, 2000
Abstract
The first practical public key cryptosystem to be published, the Diffie-Hellman key exchange algorithm, was based on the assumption that discrete logarithms are hard to compute. This intractability hypothesis is also the foundation for the presumed security of a variety of other public key schemes. While there have been substantial advances in discrete log algorithms in the last two decades, in general the discrete log still appears to be hard, especially for some groups, such as those from elliptic curves. Unfortunately no proofs of hardness are available in this area, so it is necessary to rely on experience and intuition in judging what parameters to use for cryptosystems. This paper presents a brief survey of the current state of the art in discrete logs. 1. Introduction Many of the popular public key cryptosystems are based on discrete exponentiation. If G is a group, such as the multiplicative group of a finite field or the group of points on an elliptic curve, and g is an elem...
Protecting Communications Against Forgery
Abstract
This paper is an introduction to cryptography. It covers secret-key message authentication codes, unpredictable random functions, public-key secret-sharing systems, and public-key signature systems. 1.

